Persist Private Keys: Enabled / Disabled

Disabled: This option is recommended if you wish to keep keys in only one location. In this case the keys will only be persisted (stored) on the SMS. The TPS device will request the keys from the SMS when needed. If the SMS is not available, or the private key password has not been entered then any SSL traffic will continue to pass through the box un-inspected until the device retrieves the private keys.

Enabled: Private keys are stored on the device. This option does not require the SMS to be available or the private key password to be entered on the SMS in order for the SSL feature to be enabled.

Things to think about;

1.  If the “Persist Private Keys” option is disabled (keys are stored in the SMS) and the TPS device re-boots, the device will lose the keys and will have to request them from the SMS.
2.  If the “Persist Private Keys” option is enabled (keys are stored in the device) and the option is disabled, the keys will persist in memory until the device is re-booted. After the reboot, the device will not have the keys so it will reach back to the SMS to send them down. Until the device gets those keys it will not be able to decrypt SSL traffic.